warning: Error disabling address space randomization: Operation not permitted

Question

what have i done wrong (or didn't do) that gdb is not working properly for me?

root@6be3d60ab7c6:/# cat minimal.c 
int main()
{
  int i = 1337;
  return 0;
}
root@6be3d60ab7c6:/# gcc -g minimal.c -o minimal
root@6be3d60ab7c6:/# gdb minimal
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
.
.
.
Reading symbols from minimal...done.
(gdb) break main
Breakpoint 1 at 0x4004f1: file minimal.c, line 3.
(gdb) run
Starting program: /minimal 
warning: Error disabling address space randomization: Operation not permitted
During startup program exited normally.
(gdb) 
(gdb) print i   
No symbol "i" in current context.

Answer 1

Building on wisbucky's answer (thank you!), here are the same settings for Docker compose:

security_opt:
  - seccomp:unconfined
cap_add:
  - SYS_PTRACE

The security option seccomp:unconfined fixed the address space randomization warnings.

The capability SYS_PTRACE didn't seem to have a noticeable effect even though the Docker documentation states that SYS_PTRACE is a capability that is "not granted by default". Perhaps I don't know what to look for.

Answer 2

If you're using Docker, you probably need the --security-opt seccomp=unconfined option (as well as enabling ptrace):

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

Answer 3

For whatever reason, your user account doesn't have permission to disable the kernel's address space layout randomisation for this process. By default, gdb turns this off because it makes some sorts of debugging easier (in particular, it means the address of stack objects will be the same each time you run your program). Read more here.

You can work around this problem by disabling this feature of gdb with set disable-randomization off.

As for getting your user the permission needed to disable ASLR, it probably boils down to having write permission to /proc/sys/kernel/randomize_va_space. Read more here.